BGP conditional advertisement - NON-EXIST route map's access-list problem

bdikici.55 (Level 1)

I am getting the full internet routing table from ISP-1 and just a default route from ISP-2. (Both ISP connections terminate on one central-site router.) What I am trying to do is make the ISP-2 connection a complete backup for inbound traffic. To achieve that, I am trying to use the BGP conditional advertisement configuration. I have a problem with the NON-EXIST route map's access-list. In the NON-EXIST route map I am using the commands written below:

ip as-path access-list 1 permit ^200   !!! (ISP-1 AS number) !!!
access-list 65 permit any              !!! (permit any packet from ISP-2) !!!
route-map NON-EXIST permit 10          !!! (this matches any route from AS200) !!!
 match ip address 65
 match as-path 1
router bgp 10                          !!! (My AS number) !!!
 neighbor X.Y.Z.W advertise-map ADVERTISE non-exist-map NON-EXIST
 !!! (X.Y.Z.W is the ISP-2 ip address. What it says: this router will only advertise "networks defined in the route-map named ADVERTISE" if and only if "routes that are defined in the route-map named NON-EXIST" do not appear in the BGP routing table.) !!!

With this configuration, when the ISP-1 connection is up, my router still advertises my subnet to ISP-2. What should I write in access-list 65 so that my subnet is not advertised to ISP-2 until the ISP-1 connection fails? (As I said, I am getting the full internet table from ISP-1.)

Kind Regards...

8 Replies

bdikici.55 (Level 1)

For better understanding, I have attached the topology screenshot and the router's configuration files. (By the way, this is a lab config.)

Regards.

In the attached router's configuration, the command

access-list 65 permit 172.16.1.0 0.0.0.255

is used, and with this command BGP conditional advertisement works fine.

But when I use

access-list 65 permit any

the conditional advertisement doesn't work.

Hi,

"The prefix tracked by the BGP speaker must be present in the IP routing table for the conditional advertisement not to take place."

see http://www.cisco.com/en/US/docs/ios/12_0/np1/command/reference/1rbgp.html

I'm afraid this is not fulfilled if you put "ip permit any" into your access-list 65.

You need to choose a particular prefix to track.

BR,

Milan

Burak,

As Milan indicated, you need to track on a specific route for conditional to work. My suggestion would be to change ISP1 to only receive the default, which is sufficient as you want to implement a primary and backup scenario. You can then set the non-existent map to track the default route and as-path coming from ISP1, which should give you what you need. Receiving the full routing table from ISP1 does not add any value in your scenario and does consume way more memory.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Sorry, I meant change ISP1 to only send the default route.

Regards

Harold Ritter

Hello ,

In the future, it is possible that some filtering or other custom configs will be needed; that's why one of the ISPs is sending the full table, and that is not going to be changed.

In this kind of setup, which prefix from ISP-1 should I trust for the non-exist route-map's access-list? I have tried using the subnet between ISP-1 and the multihoming router, but with no success.

Burak,

In this case, I would recommend tracking on a couple of root DNS subnets as these are highly reliable subnets. This can be done by changing your ACL as follows:

access-list 20 permit 198.41.0.0 0.0.0.255     /* a.root-servers.net */
access-list 20 permit 192.228.79.0 0.0.0.255   /* b.root-servers.net */
access-list 20 permit 192.33.4.0 0.0.0.255     /* c.root-servers.net */
access-list 20 permit 128.8.0.0 0.0.255.255    /* d.root-servers.net */

Regards

Harold Ritter
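Putting Milan's and Harold's advice together, the configuration below tracks specific prefixes learned via ISP-1 in the non-exist map instead of "permit any". This is an added illustration, not a configuration from any poster's attachment: the tracked prefixes are Harold's root-server list, while the ADVERTISE map, the LOCAL prefix-list, the placeholder local prefix and the tightened as-path regex are assumptions.

```cisco
! Routes learned from ISP-1: AS path begins with 200. The trailing "_"
! anchors the regex so AS 2000 or 20012 do not match (tightened from "^200").
ip as-path access-list 1 permit ^200_
!
! Prefixes to track (Harold's list). Entries in one ACL are ORed, so the
! condition only clears when none of them is left in the BGP table.
access-list 20 permit 198.41.0.0 0.0.0.255
access-list 20 permit 192.228.79.0 0.0.0.255
access-list 20 permit 192.33.4.0 0.0.0.255
access-list 20 permit 128.8.0.0 0.0.255.255
!
! The two match clauses in one sequence are ANDed: a tracked prefix
! AND a path that starts with AS 200 (i.e. learned from ISP-1).
route-map NON-EXIST permit 10
 match ip address 20
 match as-path 1
!
! What to send to ISP-2 while NON-EXIST matches nothing.
! <LOCAL-PREFIX>/<LEN> is a placeholder for the site's own subnet.
ip prefix-list LOCAL seq 5 permit <LOCAL-PREFIX>/<LEN>
route-map ADVERTISE permit 10
 match ip address prefix-list LOCAL
!
router bgp 10
 neighbor X.Y.Z.W advertise-map ADVERTISE non-exist-map NON-EXIST
!
! Checks: is a tracked prefix present with the expected AS path, and
! what is actually being advertised towards ISP-2 right now?
! show ip bgp 198.41.0.0 255.255.255.0
! show ip bgp neighbors X.Y.Z.W advertised-routes
```

Note that the condition also clears if ISP-1 stays up but stops carrying every tracked prefix (a filter change on their side, for example), in which case the local prefix is advertised to ISP-2 even though ISP-1 is healthy; the two show commands are how to confirm which path is in use at any moment.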

Hi Harold,

I am going to try your recommendation. Kind Regards...

Burak Dikici
